Fraud concern as hundreds of applicant passport numbers discoverable online, including TMview

• Nearly 400 applicant passport numbers published by global IP offices
• Information easily discoverable on EUIPO’s TMview search platform
• Fraud expert tells WTR that information can be used for identity theft

A fraud expert has voiced concern at passport numbers of trademark applicants being published by IP offices around the world, all of which are discoverable on the EUIPO’s TMview search platform.

Last month, WTR exclusively revealed that China’s National Intellectual Property Administration (CNIPA) had published the passport details of thousands of individuals – including a number of public figures such as Taylor Swift, Ringo Starr, JK Rowling, Venus Williams, and Lionel Messi. The information was publicly available via search engines that had access to CNIPA trademark data. The revelation sparked alarm with trademark attorneys; for example, Chris McLeod, partner at UK-based law firm Elkington and Fife, said that “the onus should be on CNIPA to keep this information secure” and that “it seems clearly open to abuse”.

Yesterday, CNIPA and the EUIPO announced the availability of Chinese trademark data – amounting to 32 million records – on the TMview search platform. The move has been heralded as a milestone in trademark data accessibility, with EUIPO executive director Christian Archambeau saying yesterday that it is “a tribute to the mutually beneficial cooperation between China and Europe” and “a welcome step forward in the efficiency and transparency of the global trademark system”.

In total, TMview now offers search access to over 94 million trademark applications, making it the largest publicly-available free database of trademark information. However, further investigation from WTR has identified nearly 400 applications on the TMview platform that contain the full passport number of trademark applicants.

Unsurprisingly, the vast majority (370) are from CNIPA records. While concerning, the figure is significantly lower than the number of passport numbers identified two weeks ago, suggesting the office (or impacted applicants) have taken steps to remove the data. For example, the CNIPA application that previously contained Taylor Swift’s passport number has been changed, with the pop star’s legal entity (TAS Rights Management LLC) now listed as the applicant, removing the need to supply personal identification details.

Outside of CNIPA, WTR further identified records on TMview from other IP offices that contain the full passport number of applicants. They include trademark applications from the IP registries of Malaysia (7), Thailand (5), India (2), North Macedonia (2), Brunei (1), and the UK (1).

The majority of identified applications appear to be from applicants (or their legal representative) inadvertently including their full passport number when filing. While not the fault of the IP offices in question, the public availability of such sensitive information is a concern that should be urgently addressed, according to Ron Cresswell, research specialist at the Association of Certified Fraud Examiners (ACFE). “While not as bad as having a government identification number or birth date published, the publication of passport numbers is still a fraud risk,” Cresswell told WTR. “It could be used to get other sensitive information, which could help to build a profile for the purpose of identity theft or other fraud schemes.”

If a passport number is published, he continued, the individuals affected should contact the organisation, website or search engine and submit a request to have it removed. “Depending on their jurisdiction, the passport number might also be protected by data privacy laws, [and those affected] could file a complaint with their local data protection authority or the appropriate government agency,” Cresswell added

WTR has contacted the relevant IP offices alerting them to the publication of sensitive data, and also sent a full list of the applications to the EUIPO.

In response, the deputy CEO of the UKIPO, David Holdsworth, confirmed that the registry will take action to ensure applicants do not unnecessarily reveal sensitive information. “The IPO does not require applicant passport numbers and does not request them,” he told WTR today. “We have, however, been made aware of an instance where a trademark applicant has included their passport number within the ‘owner’s name’ field.  We are now taking immediate steps to identify and remove the data from applications where this has occurred and will look at how we prevent applicants entering unnecessary data in future.”

Update: An EUIPO spokesperson confirmed to WTR: “We are getting in touch with the offices responsible for the data in order to remedy the situation as soon as possible.”